Technical Analysis of Copybara

Aug. 22, 2024, 6:52 p.m.

Description

This report presents a comprehensive technical analysis of a newly discovered variant of the Copybara Android malware. The malware, which emerged in November 2021, is primarily spread through voice phishing attacks. It utilizes the MQTT protocol for command-and-control communication and abuses Android's Accessibility Service to exert control over infected devices. The malware downloads phishing pages mimicking cryptocurrency exchanges and financial institutions to steal user credentials. The analysis covers 59 supported commands with detailed functionality descriptions, providing valuable insights into the malware's capabilities.

Date

  • Created: Aug. 22, 2024, 6:16 p.m.
  • Published: Aug. 22, 2024, 6:16 p.m.
  • Modified: Aug. 22, 2024, 6:52 p.m.

Indicators

Attack Patterns

  • Copybara
  • T1600.001
  • T1592.001
  • T1600
  • T1592.002
  • T1548.002
  • T1537
  • T1583
  • T1548
  • T1530
  • T1497
  • T1518.001
  • T1518
  • T1496
  • T1498
  • T1592